Well, you do the signature "by hand" without performing a
c14n step after Signature (this is what the WSS4J handlers do
implicitly).
After the WSSignEnvelope you have a signed SOAP envelope in
its raw format. Depending on what you would like to do with this envelope
you may need to process it further, for example perform additional
c14n steps.
Having all the namespaces explicitly in the SOAP is correct while
not absolutely necessary. Most often failure of the Signature
is based on modification of the signed XML after it was signed.
Regards,
Werner
Siva Kumar wrote:
> When we sign a SOAP message (see the code below), the output contains
> lots of namespaces all over the place, both on the SOAP header and on the
> Body. See attachment for sample signed messages.
>
> Are all of these namespaces mandatory? If these namespaces are not
> mandatory, is there any way to minimize the namespaces?
>
> Thanks & Best Regards,
>
> Siva.
>
> ------------------
>
> Code extract:
>
> // Signs the SOAP Body of the given document with the key stored under keyAlias.
> public static Document generateSignature( Document document, String keyAlias,
>         String password, KeyStore keyStore, String keyIdentifierOption )
>     throws CredentialException, IOException, Exception
> {
>     String soapNamespace = document.getDocumentElement().getNamespaceURI();
>
>     WSSignEnvelope signature = new WSSignEnvelope();
>     signature.setSignatureAlgorithm( WSConstants.RSA );
>     signature.setSigCanonicalization( WSConstants.C14N_EXCL_OMIT_COMMENTS );
>
>     // Select how the signing certificate is referenced in the security header.
>     if (keyIdentifierOption.equals("BST_DIRECT_REFERENCE"))
>     {
>         signature.setKeyIdentifierType( WSConstants.BST_DIRECT_REFERENCE );
>     }
>     else if (keyIdentifierOption.equals("ISSUER_SERIAL"))
>     {
>         signature.setKeyIdentifierType( WSConstants.ISSUER_SERIAL );
>     }
>     else if (keyIdentifierOption.equals("X509_KEY_IDENTIFIER"))
>     {
>         signature.setKeyIdentifierType( WSConstants.X509_KEY_IDENTIFIER );
>     }
>     else if (keyIdentifierOption.equals("SKI_KEY_IDENTIFIER"))
>     {
>         signature.setKeyIdentifierType( WSConstants.SKI_KEY_IDENTIFIER );
>     }
>
>     signature.setUserInfo( keyAlias, password );
>
>     // Only the SOAP Body is signed.
>     Vector signedParts = new Vector();
>     WSEncryptionPart bodyPart = new WSEncryptionPart( "Body", soapNamespace, "" );
>     signedParts.add( bodyPart );
>     signature.setParts( signedParts );
>
>     // Merlin crypto provider backed by the caller's keystore.
>     Merlin merlin = new Merlin( null );
>     merlin.setKeyStore( keyStore );
>
>     Document out = signature.build( document, merlin );
>     // The extract ends at the line above; the return and closing brace complete the method.
>     return out;
> }
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]